Cross-domain issue resolved

Others 2019-06-09 10:31:57 views: null

One: What is cross-domain

concept:

   JavaScript for security reasons, does not allow cross-domain calls subject to other pages. So what is it cross-domain, simply understand that because of the restrictions JavaScript same origin policy, a.com can not operate under the domain name of the object in js or cacom b.com domain.

   When the protocol, the sub-domain, the domain master, the port number is not the same as any one, they are counted as different domains. Mutual request resources between different domains, even as a "cross-domain."

   For example: http://www.abc.com/index.html  request  http://www.efg.com/service.php .

   One thing must be noted: cross-domain request is not unable to go, the request can be sent out, the server to receive the request and return to normal result, but the result was the browser blocks. The reason for cross-domain, because of limited homology strategy, the same origin policy requires it to function properly communicate that protocol, domain names, port numbers are exactly the same.

The same domain:

   The so-called refers to the same domain, the domain name, protocol, port are the same

Explanation:

  Protocol : http protocol (http difference is that he and https) Domain Name : domain name is like www.baidu.com, different domain names like www, baidu.com and www.hao123.com   ports : 8080 and 8081 is different ports

example:

URL whether to allow traffic 
HTTP: // www.domain.com/a.js 
HTTP: // www.domain.com/b.js the same domain name, or a different file path allows 
HTTP: // www.domain.com/lab /c.js 

HTTP: // www.domain.com:8000/a.js 
HTTP: // www.domain.com/b.js the same domain name, a different port does not allow 
 
HTTP: // www.domain.com/a .js 
HTTPS: // www.domain.com/b.js the same domain name, different protocol does not allow 
 
HTTP: // www.domain.com/a.js 
HTTP: // 192.168.4.12/b.js domain names and corresponding domain name do not allow the same ip 
 
http:// www.domain.com/a.js 
HTTP: // same x.domain.com/b.js primary domains, subdomains, different does not allow 
HTTP: // domain.com/c.js 
 
HTTP: // the WWW. domain1.com/a.js 
HTTP: // www.domain2.com/b.js different domain names are not allowed

Two: Same Origin Policy

Same Origin Policy:

    Origin policy is a security feature browser client script different sources in the absence of express authorization, can not read and write other resources.

Origin policy restrictions:

   How same-origin policy restrictions in load from a source document or script to interact with resources from another source. This is a critical security mechanism for isolating potentially malicious files. It is there to protect user privacy information, prevent identity forgery, etc. (read Cookie).

Origin policy restrictions contents are:

  • Cookie, LocalStorage, IndexedDB storage and other content

  • DOM node

  • AJAX request can not be transmitted

Some browsers are not subject to cross-domain limits:

1, page links, and redirects form submissions are not subject to the same origin policy restrictions.
2, the introduction of cross-domain resources is possible. But can not read and write js loaded content. The embedded page <script src = "..."> </ script>, <img>, <link>, <iframe> and the like.

Three : a common approach across domains

 1: cross-domain projects in vue

    Because of their common front-end framework vue, we first talk about how to deal with cross-domain in the vue. In cross-domain processing vue is still very easy to get, because the scaffolding vue-cli vue official offer has left us in advance for handling cross-domain interface, we only need to add a few lines of code on it:,

Find index.js config folder, there is a line proxyTable find inside: {}, this is the interface of our stay, we went in to add proxy rules

// example 'localhost: 8080 / api / xxx ' agent to 'www.example.com/api/xxx'
     @ Usage: https://vuejs-templates.github.io/webpack/proxy.html 
    proxyTable: {
       ' / API ' : { 
        target: ' http://xxxxxx.com ' , // domain interface
         // Secure: to false,   // if https interface need to configure this parameter 
        changeOrigin: to true , // if across the interface domains, the required parameters, it is true, the request header will be set to the rule (Access-Control-Allow-Origin ) to match the target server 
        pathRewrite: { 
          ' ^ / API ' : ''  //The interface address is not that common prefix '/ api', it is to be rewritten, if there is itself removed 
        } 
      } 
    },

 Other cross-domain method how he did not come into contact with, do not write here, so as not to harm the younger generation, but I found a few good articles, require children's shoes can go to find out:

   https://segmentfault.com/a/1190000011145364

   https://www.cnblogs.com/smiler/p/5829621.html

   http://www.imooc.com/article/40074

   

Guess you like

Origin www.cnblogs.com/zhengyufeng/p/10967516.html
Recommended
Ranking
2019 JD pen questions - Choir
Grafana installation & basic configuration
How to solve the high gas fee of Filecoin? The official attitude is bright!
Informatization development 59
Date,DateFormat,Calendar,
Introduction to MySQL - Understanding MySQL
win10 conexão de área de trabalho remota ubuntu20 (RDP)
52. Customize generics on methods
Detailed explanation of CAP, ACID, BASE theory and NWR practice strategy
UnknownHostException:XXX:Name or service not know
Daily
More
2024-08-01(0)
2024-07-31(0)
2024-07-30(0)
2024-07-29(0)
2024-07-28(0)
2024-07-27(0)
2024-07-26(0)
2024-07-25(0)
2024-07-24(0)
2024-07-23(0)

Code World

© 2018 codetd.com